Trojan.Apmod

This page contains detailed analysis on Trojan.Apmod. To get rid of this Trojan, please use the removal guide below.

Trojan.Apmod is a computer Trojan infection that operates on Apache Web server and host malicious web pages. This Trojan is responsible for spreading unwanted programs and other forms of threat through the Internet.

As mentioned, Trojan.Apmod will target Apache sever modules which is typically used by web hosting companies. The Trojan does not have ability to install itself on target machine so authors behind this attack devices a way to trick server administrators. Trojan.Apmod often embeds itself on executable files or attached to spam email messages. Server administrators need to manually execute the Trojan by in order to gain access on target machine.

Once Trojan.Apmod is running, it will drop several files on the system. We need to reiterate that it can affect both Windows and Linux servers. However, it will drop different files for each system.

The Trojan then monitors usage for the hosted web pages and record all data it may gather. It will use the data to inject an iframe tag into these pages and displays relevant but malicious information for the visitors.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Trojan.Apmod:

1. Temporarily Disable System Restore.
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected files.
5. Delete/Modify any values added to the registry.
6. Exit registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without the need to install additional anti-virus application is to perform a thorough scan with free Online Virus Scanner that can be found here or on websites of legitimate anti-virus and security provider.

Technical Details and Additional Information:

Other functionalities of this Trojan:
– Download and execute files
– Monitors requests for web pages and injects an infected iframe tag

Malicious Files Added by Trojan.Apmod:

Linux:
/usr/lib/apache2/modules/dl.so

Windows:
[APACHE ROOT FOLDER]\modules\dl.so
%Temp%/sess_[RANDOM CHARACTERS]
%Temp%/lol

Leave a Reply

Your email address will not be published. Required fields are marked *